Dear Community I have a Mikrotik RB750G between two switches which I abuse as a 'fill in' switch from which I need to access one specific vlan in access mode (untagged on the wire) through one port.
'Switch all Ports' is on on the Mikrotik. The two Switches are connected to ether1 and ether5 ether 2 to 5 are slaves of ether1 Both switches send untagged packets and tagged packets between their interfaces via mikrotik ether1 <=> ether5 This works fine and transparently. The mikrotik is not touching the vlan headers in transit and I get the untagged packets on the mikrotik. If I create a vlan interface with a specific ID, I get the tagged packets on that interface. My Goal is to use ether3 on the Mikrotik als 'Access' Port for vlan 5. When I do the following: Remove the master 'ether1' from ether3. Create vlan Interface 'vlan5' with master 'ether1' Create a bridge 'br-vlan5' with Members 'vlan5 and ether3' I can use ether3 as access port. A client on the wire of ether3 is isolated in vlan 5 of my network. But that goes through the Mikrotik CPU and can probably not reach wire speed. So I did the following: Have ether2 to 5 as slaves of ether1. On the switch 'ports' config of ether3: => vlan mode => secure => vlan header => always strip => default vlan id => 5 On the switch 'vlan' config of ether3: => Vlan id 5, Port ether3 As I understand the Wiki, this should only send packets with vlan ID 5 out of ether3 and strip the header, so they leave the wire untagged. Untagged incomming packets should get tagged with ID 5. I did play around a bit with vlan mode, or adding all three involved ports on the switch 'vlan' settings. Unfortunately none of my experiments worked. Untagged 'ingress' packets seem not to get tagged. Untagged packets who travel from ether1 to ether5 also leave ether3 untagged (like IPv6 RA) and don't get filtered out. Any idea how I can use the switch features to create a wire speed access port in a specific vlan? -BenoƮt Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
